From f9dcdc7fefcab5ec9b15b0f3c87dfebef37ecaa3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= Date: Tue, 8 May 2018 09:40:43 +0200 Subject: kernel: mark source kernel for netfilter backports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This helps keeping track on patches & adding new kernels in the future. Signed-off-by: Rafał Miłecki --- ...low-table-support-for-the-mixed-IPv4-IPv6.patch | 141 +++++++++++++++++++++ 1 file changed, 141 insertions(+) create mode 100644 target/linux/generic/backport-4.14/325-v4.16-netfilter-flow-table-support-for-the-mixed-IPv4-IPv6.patch (limited to 'target/linux/generic/backport-4.14/325-v4.16-netfilter-flow-table-support-for-the-mixed-IPv4-IPv6.patch')
diff --git a/target/linux/generic/backport-4.14/325-v4.16-netfilter-flow-table-support-for-the-mixed-IPv4-IPv6.patch b/target/linux/generic/backport-4.14/325-v4.16-netfilter-flow-table-support-for-the-mixed-IPv4-IPv6.patch
new file mode 100644
index 0000000000..9fcb1be982
--- /dev/null
+++ b/target/linux/generic/backport-4.14/325-v4.16-netfilter-flow-table-support-for-the-mixed-IPv4-IPv6.patch
@@ -0,0 +1,141 @@
+From: Pablo Neira Ayuso
+Date: Sun, 7 Jan 2018 01:04:22 +0100
+Subject: [PATCH] netfilter: flow table support for the mixed IPv4/IPv6 family
+
+This patch adds the IPv6 flow table type, that implements the datapath
+flow table to forward IPv6 traffic.
+
+Signed-off-by: Pablo Neira Ayuso
+---
+ create mode 100644 net/netfilter/nf_flow_table_inet.c
+
+--- a/include/net/netfilter/nf_flow_table.h
++++ b/include/net/netfilter/nf_flow_table.h
+@@ -111,6 +111,11 @@ struct flow_ports {
+ __be16 source, dest;
+ };
+
++unsigned int nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb,
++ const struct nf_hook_state *state);
++unsigned int nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *skb,
++ const struct nf_hook_state *state);
++
+ #define MODULE_ALIAS_NF_FLOWTABLE(family) \
+ MODULE_ALIAS("nf-flowtable-" __stringify(family))
+
+--- a/net/ipv4/netfilter/nf_flow_table_ipv4.c
++++ b/net/ipv4/netfilter/nf_flow_table_ipv4.c
+@@ -202,7 +202,7 @@ static bool nf_flow_exceeds_mtu(struct s
+ return false;
+ }
+
+-static unsigned int
++unsigned int
+ nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb,
+ const struct nf_hook_state *state)
+ {
+@@ -254,6 +254,7 @@ nf_flow_offload_ip_hook(void *priv, stru
+
+ return NF_STOLEN;
+ }
++EXPORT_SYMBOL_GPL(nf_flow_offload_ip_hook);
+
+ static struct nf_flowtable_type flowtable_ipv4 = {
+ .family = NFPROTO_IPV4,
+--- a/net/ipv6/netfilter/nf_flow_table_ipv6.c
++++ b/net/ipv6/netfilter/nf_flow_table_ipv6.c
+@@ -196,7 +196,7 @@ static bool nf_flow_exceeds_mtu(struct s
+ return false;
+ }
+
+-static unsigned int
++unsigned int
+ nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *skb,
+ const struct nf_hook_state *state)
+ {
+@@ -248,6 +248,7 @@ nf_flow_offload_ipv6_hook(void *priv, st
+
+ return NF_STOLEN;
+ }
++EXPORT_SYMBOL_GPL(nf_flow_offload_ipv6_hook);
+
+ static struct nf_flowtable_type flowtable_ipv6 = {
+ .family = NFPROTO_IPV6,
+--- a/net/netfilter/Kconfig
++++ b/net/netfilter/Kconfig
+@@ -661,6 +661,14 
@@ endif # NF_TABLES_NETDEV
+
+ endif # NF_TABLES
+
++config NF_FLOW_TABLE_INET
++ select NF_FLOW_TABLE
++ tristate "Netfilter flow table mixed IPv4/IPv6 module"
++ help
++ This option adds the flow table mixed IPv4/IPv6 support.
++
++ To compile it as a module, choose M here.
++
+ config NF_FLOW_TABLE
+ tristate "Netfilter flow table module"
+ help
+--- a/net/netfilter/Makefile
++++ b/net/netfilter/Makefile
+@@ -112,6 +112,7 @@ obj-$(CONFIG_NFT_FWD_NETDEV) += nft_fwd_
+
+ # flow table infrastructure
+ obj-$(CONFIG_NF_FLOW_TABLE) += nf_flow_table.o
++obj-$(CONFIG_NF_FLOW_TABLE_INET) += nf_flow_table_inet.o
+
+ # generic X tables
+ obj-$(CONFIG_NETFILTER_XTABLES) += x_tables.o xt_tcpudp.o
+--- /dev/null
++++ b/net/netfilter/nf_flow_table_inet.c
+@@ -0,0 +1,48 @@
++#include
++#include
++#include
++#include
++#include
++#include
++#include
++
++static unsigned int
++nf_flow_offload_inet_hook(void *priv, struct sk_buff *skb,
++ const struct nf_hook_state *state)
++{
++ switch (skb->protocol) {
++ case htons(ETH_P_IP):
++ return nf_flow_offload_ip_hook(priv, skb, state);
++ case htons(ETH_P_IPV6):
++ return nf_flow_offload_ipv6_hook(priv, skb, state);
++ }
++
++ return NF_ACCEPT;
++}
++
++static struct nf_flowtable_type flowtable_inet = {
++ .family = NFPROTO_INET,
++ .params = &nf_flow_offload_rhash_params,
++ .gc = nf_flow_offload_work_gc,
++ .hook = nf_flow_offload_inet_hook,
++ .owner = THIS_MODULE,
++};
++
++static int __init nf_flow_inet_module_init(void)
++{
++ nft_register_flowtable_type(&flowtable_inet);
++
++ return 0;
++}
++
++static void __exit nf_flow_inet_module_exit(void)
++{
++ nft_unregister_flowtable_type(&flowtable_inet);
++}
++
++module_init(nf_flow_inet_module_init);
++module_exit(nf_flow_inet_module_exit);
++
++MODULE_LICENSE("GPL");
++MODULE_AUTHOR("Pablo Neira Ayuso ");
++MODULE_ALIAS_NF_FLOWTABLE(1); /* NFPROTO_INET */
-- cgit v1.2.3
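Review bot: The new `NF_FLOW_TABLE_INET` Kconfig entry carries only `select NF_FLOW_TABLE`, yet nf_flow_table_inet.c calls `nf_flow_offload_ip_hook` and `nf_flow_offload_ipv6_hook`, which this patch exports from nf_flow_table_ipv4.c and nf_flow_table_ipv6.c. With either per-family flow table module disabled, the inet module would be left with unresolved symbols at link or load time, so the entry should add `depends on NF_FLOW_TABLE_IPV4` and `depends on NF_FLOW_TABLE_IPV6` (symbol names assumed, since the options that build those two files are not visible in this patch). `select` also switches NF_FLOW_TABLE on without evaluating that option's own dependencies, which are cut off here, so a `depends on NF_FLOW_TABLE` would be the safer form. In `nf_flow_offload_inet_hook` an explicit `default:` case with a one-line comment that every other `skb->protocol` value is passed on with `NF_ACCEPT` would document the dispatch for the next reader.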